Cybercriminals often use marketplaces in order to achieve monetary benefit.

Hacktivists attempt to establish a social or political cause across all different types of platforms.

Terrorists seek to spread propaganda and recruit.

Insiders are motivated by a variety of factors, but oftentimes leak sensitive data onto the Dark Web for reprisal against their employer or for financial gain.

Lastly, there are curious threat intelligence analysts who want to learn more from the Dark Web, assist in bug bounty programs, or enhance their technical skillsets.

Q. What are some case studies of Dark Web sites?

Various data is stolen and sold on the Dark Web. Below are just a few examples:

Financial information: Credit and debit cards are sold across many forums and marketplaces. Stolen cards come from all countries and data breaches. Oftentimes, they are sold for as little as $1. Tax data, including W-2 forms, are also popularly sold on the Dark Web.

Personal information: Everything from names, addresses, Social Security Numbers (SSN), dates of birth, and even an associated Starbucks account, is sold on the Dark Web. When this information is compiled together and sold in a transaction, these data dumps are called “fullz” because they contain all of a person’s identifiable information.

Health records: Although health records are harder to find, they are becoming more available by the day. This is a growing concern and a vulnerability for the future.

Miscellaneous: Drugs are everywhere on the Dark Web – you can purchase virtually any prohibited item imaginable. Moreover, you can purchase or simply download information that can be damaging to an individual – such as stolen information from the extramarital dating website Ashley Madison. You can also purchase a hacker or exploit to carry out an attack against an organization of your choosing. The possibilities are limitless.

Q. Anything else you would like to add about the Dark Web?

I want to note that the underground criminal community has expanded to encompass anything you can imagine – goods, hitmen, even “hacker clothes.” Most of the websites have an Amazon-type feel to them, in which buyers provide seller feedback and note the authenticity of the stolen goods/services/information. The majority of transactions are handled in cryptocurrency (usually bitcoin), mail forwards, and electronic gift cards. I don’t encourage anyone to do their Christmas shopping here, though.

(This post originally appeared on the ISACA blog.)